Major 2022 Cybersecurity Breaches Wrap-up
We’ve heard it said that there are two types of companies: Those who have been hacked, and those who will be.
Reaching an all-time high, the cost of a data breach averaged $4.35 million in 2022, reported in the IBM Security and Ponemon Institute 2022 Cost of a Data Breach Report.
The top three patterns: system intrusion, social engineering, and basic web application attacks represent 88% of breaches, according to data from Verizon’s 2022 Data Breach Incident Report (DBIR).
It pains us to report on the major cybersecurity breaches of 2022, but it reinforces the action we beg clients to take: protect yourself early to be ready for an attack.
Biggest hacks of 2022
According to US News & World Report, 10 significant breaches of 2022 include:
- Ronin
In what is believed to be the costliest breach at a cryptocurrency platform, hackers hit the Ronin crypto “bridge” in March and stole the equivalent of more than $600 million from the service, which allows people to exchange different types of digital coins. - Microsoft
Microsoft Security announced in March that its servers were hit by hackers as part of a “large-scale social engineering and extortion campaign” targeting several organizations. - Uber
On September 17, Uber said that attackers – most likely the same Lapsus$ group that hit Microsoft and others earlier in the year – accessed its internal network including its Slack channel and downloaded some information from an internal finance tool. - News Corp
News Corp, the publisher of the Wall Street Journal and a range of global media outlets, said in a securities filing that it was hit by a cyberattack in January 2022 and that some data was taken. - Wormhole
Another crypto “bridge” service called Wormhole suffered a loss of more than $300 million in an attack in February that was announced on Twitter. - Crypto.com
The Singapore-based digital wallet operator Crypto.com revealed in January that hackers breached its network and stole the equivalent of more than $30 million in cryptocurrency. Nearly 500 customers were affected but the company said it reimbursed anyone whose accounts were breached. - Cash App
In April 2022, the money transfer Cash App’s parent firm Block Inc. disclosed in a securities filing that a former employee had accessed and downloaded information from as many as 8.2 million customers in December 2021. - GiveSendGo
The Christian crowdfunding site GiveSendGo, which gained notoriety for supporting the Canadian trucker’s “Freedom Convoy,” said in February a hacker got into its servers and revealed 92,000 donor names and email addresses. - Red Cross
In January, The International Committee of the Red Cross said that sophisticated hackers accessed the personal data of 515,000 people working with the relief organization as well as the affiliated Red Crescent. - LastPass
A popular password manager used by some 30 million people to secure their account credentials, disclosed in September that some of its source code and technical information was taken.
Interested in reading more? Here’s another roundup of the biggest data breaches and leaks of 2022.
Government, finance, education, and business markets are all targets, but one of the market segments being hit the hardest recently is healthcare. Let’s explore that industry.
Why is healthcare such a target?
Healthcare has the highest rate of insider threats (both malicious activity and user errors) of any industry at 39% (Verizon’s 2022 Data Breach Investigations Report).
As has become typical, there were several healthcare mega-breaches during 2022.
- The Eye Care Leaders EMR breach exposed more than 2 million records.
- Shields Health Care Group in Quincy, Mass., which provides management and imaging services to more than 50 healthcare facilities, also reported a breach involving 2 million individuals.
- Partnership HealthPlan of California, a third-party entity that administers Medicare benefits, suffered a breach that affected 850,000 individuals.
- Arizona’s Yuma Regional Medical Center disclosed that it was the victim of a ransomware attack that exposed the Social Security numbers and other personal information of 700,000 individuals.
Healthcare organizations have experienced a spike in attacks due to their high likelihood to pay a ransom, the value of patient records, and often inadequate security. Phishing attacks are exceptionally dangerous for healthcare organizations because patient data is one of the most valuable assets for criminals today.
Every healthcare company needs to prioritize security. In particular, since email is one of the most frequent entry points for data breaches, we recommended a zero-trust approach for organizations.
Healthcare providers also have a legal obligation to protect patients and their PHI, especially when sending or receiving emails. So, your email security strategies and solutions need to address both cybersecurity and HIPAA compliance.
Moving forward into 2023
The best plan possible for 2023 is to acknowledge the severe threat of the cyberwar being waged, assess a company or system situation, and plan and implement a security strategy tailored for your specific sector.
Will it be easy? Definitely not. But putting in the legwork now means that you’re best prepared for the future. And the way cybercrime is trending, we should all be prepared for battle.
If you’d like more information, contact us today for an expert consultation for your industry.
Photo by Tirza van Dijk on Unsplash